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QUESTION: 46 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
has several subdirectories under the application root directory. Only the users who belong to an 
approved role can access the contents of the subdirectory. The user authorizations for the 
subdirectories must be stored in a single Web.config file in the application root directory. You 
need to ensure that the node encloses the approved roles and specifies the appropriate 
subdirectory. Which node should you use? 


A. <location> 

B. <clientTarget> 
C. <authorization> 
D. <authentication> 


Answer: A 


QUESTION: 47 
You are creating an ASP.NET application by using the .NET Framework 3.5. User accounts in 
Active Directory are configured to provide access to resources. You need to ensure that users 
can access the resources through the application. Which XML fragment should you use in the 
Web.config file? 


A. <authentication mode="Forms" /> <identity impersonate="false" /> 

B. <authentication mode="Forms" /> <identity impersonate="true" /> 

C. <authentication mode="Windows" /> <identity impersonate="false" /> 
D. <authentication mode="Windows" /> <identity impersonate="true" /> 


Answer: D 


QUESTION: 48 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
will be accessed by Internet users. You plan to enable users to authenticate from the client-side 
script. You add the following code fragment in the Web.config file of the application. < 
system.web.extensions > < scripting > < webService s > <_authenticationService 
enabled="true" / > < /webServices > < /scripting > < /system.web.extensions > You need to 
configure the application to ensure user credentials are validated against Active Directory by 
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using the client- side script. Which two actions should you perform? (Each correct answer 
presents part of the solution. Choose two.) 


A. Configure the application to use the ActiveDirectoryMembershipProvider class. 

B. Configure the application to use the ClientWindowsAuthenticationMembershipProvider 
class. 

C. Add the following code fragment to the Web.config file of the application. < authentication 
mode="None" / > 

D. Add the following code fragment to the Web.config file of the application. < authentication 
mode="Forms" / > 

E. Add the following code fragment to the Web.config file of the application. < authentication 
mode="Windows" / > 


Answer: A, D 


QUESTION: 49 

You are creating an ASP.NET application by using the .NET Framework 3.5. Users are 
authenticated against the Web server by using a custom Single Sign-On (SSO) provider. You 
need to select an authentication mode in the Web.config file. Which authentication mode 
should you select? 


A. None 

B. Forms 

C. Passport 
D. Windows 


Answer: B 


QUESTION: 50 

You are creating an ASP.NET application by using the .NET Framework 3.5. You deploy the 
application to a remote server. The application contains form submissions, QueryString 
parameters, cookies, and ViewState properties. The application connects to a database. You 
need to ensure that SQL injection attacks are minimized. Which three actions should you 
perform? (Each correct answer presents part of the solution. Choose three.) 


A. Constrain and sanitize user input. 
B. Use parameterized SQL statements. 
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C. Use a least-privileged database account. 

D. Display error information so that errors can be resolved. 

E. Convert all stored procedures to dynamic SQL and use the sp_executesql system stored 
procedure. 


Answer: A, B, C 


QUESTION: 51 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
will allow users to enter HTML content into a Web form. The HTML content will be stored in 
a Microsoft SQL Server database. You need to ensure that the content can be posted to the 
page. You also need to ensure that potentially harmful script cannot be stored in the database. 
Which two actions should you perform? (Each correct answer presents part of the solution. 
Choose two.) 


A. Use the Server.HtmlEncode method when saving the text to the database. 

B. Use the Server.HtmlDecode method when saving the text to the database. 

C. Set the ValidateRequest attribute of the @Page directive to True. 

D. Set the ValidateRequest attribute of the @Page directive to False. 

E. Set the validateRequestattribute of the pages element to True in the Web.config file. 


Answer: A, D 


QUESTION: 52 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
uses the Forms authentication mode. Each folder in the application contains confidential 
Microsoft Excel files. You need to ensure that bots are not allowed to access the folders in the 
application. Which two actions should you perform? (Each correct answer presents part of the 
solution. Choose two.) 


A. Map the Excel files to the ASP.NET ISAPI filter. 

B. Add a <deny> element to the <authorization> element in the Web.config file. 

C. Set the authorization node of the lockElementsattribute value in the Web.config file. 

D. Implement a Robots.txt file in the root directory of the application. 

E. Implement a Completely Automated Public Turing Tests to Tell Computers and Humans 
Apart (CAPTCHA) image control on each page of the application. 
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Answer: A, B 


QUESTION: 53 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
stores and retrieves sensitive data in a Microsoft SQL Server 2008 database. The database is 
accessed by multiple applications. You need to ensure that other applications that access the 
database are unable to view any sensitive data that is stored by the application. What should 
you do? 


A. Enable the Transparent Data encryption for the SQL Server database. 

B. Enable the secure sockets layer encryption for the SQL Server connections. 

C. Encrypt sensitive data by using the Secure Hash algorithm before storing it in the database. 
D. Encrypt sensitive data by using the Advanced Encryption Standard algorithm before storing 
it in the database. 


Answer: D 


QUESTION: 54 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
is configured to run by using a specific set of user credentials. Other applications are not 
allowed to use these user credentials. The application uses asymmetric encryption to encrypt 
and decrypt messages to other servers. You need to protect the private key used to encrypt and 
decrypt messages from being accessed by other users or applications on the same server. What 
should you do? 


A. Store the private key in the App_Data directory. 

B. Use the System.Security.SecureString class. 

C. Use the System.Security.ProtectedData class. 

D. Use the Triple Data Encryption Standard algorithm to encrypt the private key before storing 
it in a file. 


Answer: C 


QUESTION: 55 

You are creating an ASP.NET application by using the .NET Framework 3.5. The application 
will use ASP.NET Forms authentication. Authentication information will be stored in a 
Microsoft SQL Server 2008 database instance. You need to ensure that passwords are stored by 
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using a non- reversible technique. You also need to ensure that stored passwords are as secure 
as possible. What should you do? 


A. Encrypt the password by using the RC2 algorithm. Store password in the database. 

B. Encrypt the password by using the 3DES algorithm. Store password in the database. 

C. Generate a random Salt value. Hash the password by using the SHA1 algorithm. Store the 
password in the database. 

D. Generate a Salt value by using a known value. Hash the password by using the SHA256 
algorithm. Store password in the database. 


Answer: C 
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